|Número de publicación||US6512454 B2|
|Tipo de publicación||Concesión|
|Número de solicitud||US 09/859,251|
|Fecha de publicación||28 Ene 2003|
|Fecha de presentación||17 May 2001|
|Fecha de prioridad||24 May 2000|
|También publicado como||US20020014962|
|Número de publicación||09859251, 859251, US 6512454 B2, US 6512454B2, US-B2-6512454, US6512454 B2, US6512454B2|
|Inventores||Alberto Miglioli, Virginio Ratti, Emilio Riva, Luigi Villa|
|Cesionario original||International Business Machines Corporation|
|Exportar cita||BiBTeX, EndNote, RefMan|
|Citas de patentes (5), Citada por (39), Clasificaciones (11), Eventos legales (5)|
|Enlaces externos: USPTO, Cesión de USPTO, Espacenet|
The present invention relates to the protection of electronic devices such as printed circuit boards and cards from unauthorized intrusion. More particularly, the present invention relates to an improved intrusion detection structure for use with such devices.
It is a usual requirement for many computer applications to protect data from unwanted access by an unauthorized user. Many software protection systems are known in the art to allow only selected users to access said protected data, with the use of a password or other identification methods. Communication of data on a network is protected from undesired detection by means of encryption methods. Passwords, encryption keys and other sensitive data are usually stored in memory components in the computer systems and need to be protected even more carefully from unwanted inspection. Software control and protection methods may be not enough to stop an experienced person from bypassing these protections and tampering with the computer hardware, e.g. by direct interrogation of memory components such as integrated circuit memory.
A possible protection from the above physical attacks is to provide some kind of detecting means which detects an attempted intrusion within a protected sensitive area and reacts by giving an alarm or even by destroying any sensitive information to avoid the loss of secrecy.
U.S. Pat. No. 5,790,670 discloses an intrusion detection mechanism having a metallic cover for protecting an encryption circuitry and a memory in which the encryption key is stored. The metallic cover has a top and a bottom side which are secured together by a screw. The screw merely functions to cause a switch arm to depress a switch button when the mechanism is in the desired, assembly mode. When the security screw is rotated, a circuit is activated (by opening of the button), the attempt to open the cover is detected and a destruct circuit is enabled which causes the memory to be erased. A drawback of this method is that the electromechanical switch utilized is subject to hot and cold temperatures, dampness and other deteriorating environmental conditions which can adversely affect the switch's level of performance, especially after prolonged exposure to such conditions. Furthermore, a failure of the circuit itself may be caused by oxidation of the circuitry at various portions thereof as a result of such prolonged exposure.
For the reasons above, an improved and relatively simple mechanism for detecting the attempt to open the protecting cover of a protective enclosure would be desirable. It is an object of the present invention to alleviate the above drawbacks of the prior art.
According to one aspect of the present invention, there is provided a tamper resistant enclosure for protecting an electronic device comprising a first cover on a first side of said electronic device, a second cover on the opposite side of said electronic device, a plurality of fixing elements passing through the first cover and the device and securing the first cover to the second cover while forming a circuit, and detecting means for detecting the removal of at least one of said fixing elements (e.g., screws).
According to another aspect of the invention, there is provided an electrical assembly which includes an electronic device including an electrical circuit having sensitive information as part thereof, a tamper resistant enclosure, the electronic device being positioned within the enclosure, the enclosure including a first cover for being positioned substantially on a first side of the electronic device, a second cover for being positioned substantially on the opposite side of the electronic device from the first side, a plurality of fixing components passing through the first cover for securing the first cover to the second cover, the fixing elements adapted for passing through the electronic device and forming a part of the electrical circuit of the electronic device when the first cover is secured to the second cover, and a detector for detecting the interruption of the electrical circuit caused by at least the partial removal of at least one of the fixing elements.
Various embodiments of the invention will now be described in detail by way of examples, with reference to accompanying figures, where:
FIGS. 1 and 1A show prospective and elevational views of a tamper resistant card enclosure according to a preferred embodiment of the present invention. Note that FIG. 1A is inverted with respect to FIG. 1;
FIG. 2 shows an enlarged, side view of the enclosure of FIGS. 1 and 1A.
FIG. 2A shows a further enlarged, partial view of the enclosure; and
FIG. 3 shows the electrical circuit used in a preferred embodiment of the present invention, in combination with associated elements of the invention's enclosure.
With reference to FIG. 1 and FIG. 1A, a tamper resistant enclosure according to a preferred embodiment of the present invention is shown. An electronic device 209 containing sensitive information (e.g. an electronic cryptographic card), is protected by a metal enclosure comprising an external cover 215 and an internal cover 205. The bottom side of the external cover has four standoffs 223 in proximity of the four corners. Device 209 has four holes corresponding to the four standoffs 223. Internal cover 205 can be secured to external cover 215 by means of four screws 201 which pass through the holes in device 209 and fit into standoffs 223. (Again note that FIG. 1A is inverted with respect to FIG. 1.) Flexible cables 211 provide the electrical connection between device 209 and the outside world.
Looking at FIG. 2, which, like FIG. 1A, is inverted relative to FIG. 1, the same enclosure is shown with all the parts assembled together. As mentioned above, screws 201 secure internal cover 205 to device 209 and external cover 215 by means of standoffs 223. Belville washer 203 is interposed between the head of screw 201 and the top side of device 209, while star washer 221 is interposed between device 209 and standoff 223. Device 209 comprises a dielectric substrate (e.g., a printed circuit board or card) with a metal pad 219 (see also FIG. 3) around each hole for ensuring the electrical connection to ground through star washer 221, standoff 223 and the body of external cover 215. As is understood, the conductive screw forms part of the circuitry, along with star washer 221, pad 219, standoff 223 and cover 215, the latter coupled to ground (FIG. 3). Any break in the ground connection will trigger the circuit's alarm into action. According to a preferred embodiment of the present invention, the tamper resistant enclosure can be secured to a card (e.g. a mother board, or a standard PCI mother card) 207. Communications with device 209 are provided by cables 211, while external cover 215 is soldered to ground through tabs 213.
When one of the screws 201 is at least partially removed and internal cover 205 is also at least partially removed, device 209 is lifted together with internal cover 205, with assist by spring 217 (FIG. 2A). The circuit described above (metal pad 219, star washer 221, standoff 223 and external cover 215) is interrupted and the system assumes that a tampering is being attempted. The circuit is designed to react by giving an alarm and/or by destroying all the sensitive information contained in the protected electronic device 209. According to a preferred embodiment of the present invention, the detected intrusion attempt causes an erasing circuit to be activated and the memory containing sensitive information to be erased.
FIG. 3 shows the tamper detection circuit according to a preferred embodiment of the present invention. A voltage Va is constantly supplied at point 301. The supply can be provided either by a battery or by a system power supply. Four comparators 303 monitor the circuit. Each comparator 303 has one input (+) fixed at a reference voltage (Vref) and a second input (−) connected to one of the circular pads 219. In normal operational conditions, when the package is closed and circular pads 219 are forced to a low level (ground) by means of the above mentioned circuit (star washer 221, standoff 223 and external cover 215), the comparators' output is inactive (i.e. no tamper is detected). If one of the screws 201 is removed and internal cover 205 (together with device 209) is lifted, the corresponding circular pad(s) 219 lose the connection to ground and the negative (−) input of the corresponding comparator goes to a high level, causing the comparator to trigger the erasing circuit. Another event which can cause the activation of the comparator is the removing of the battery or the interruption of the power supply. The reaction in this case is the same as described above and the sensitive information is destroyed because the security of the system cannot be guaranteed any longer.
|Patente citada||Fecha de presentación||Fecha de publicación||Solicitante||Título|
|US4811288 *||24 Jun 1986||7 Mar 1989||Ncr Corporation||Data security device for protecting stored data|
|US5621387 *||8 Ago 1995||15 Abr 1997||Elk Products, Inc.||Box|
|US5790670||18 Jul 1996||4 Ago 1998||Citicorp Development Center, Inc.||Apparatus and method for securing electronic circuitry|
|US5858500 *||10 Mar 1994||12 Ene 1999||W. L. Gore & Associates, Inc.||Tamper respondent enclosure|
|US5861662 *||24 Feb 1997||19 Ene 1999||General Instrument Corporation||Anti-tamper bond wire shield for an integrated circuit|
|Patente citante||Fecha de presentación||Fecha de publicación||Solicitante||Título|
|US6859142 *||9 Ago 2002||22 Feb 2005||Koninklijke Philips Electronics N.V.||Method and device for theft protection of electronic apparatus connected to a bus system|
|US7049970 *||22 Oct 2003||23 May 2006||International Business Machines Corporation||Tamper sensing method and apparatus|
|US7054162 *||13 Feb 2001||30 May 2006||Safenet, Inc.||Security module system, apparatus and process|
|US7113103 *||11 Sep 2003||26 Sep 2006||General Electric Company||Modular security, monitoring, and control devices and methods|
|US7238901||6 May 2005||3 Jul 2007||Nautilus Hyosung Inc.||Tamper resistant pin entry apparatus|
|US7247791 *||27 May 2004||24 Jul 2007||Pitney Bowes Inc.||Security barrier for electronic circuitry|
|US8006101||20 Jun 2008||23 Ago 2011||General Instrument Corporation||Radio transceiver or other encryption device having secure tamper-detection module|
|US8164912 *||9 Oct 2007||24 Abr 2012||Cunliang Tong||Security protection box|
|US8164923 *||11 Abr 2008||24 Abr 2012||Ingenico France||Device for the protection of an electronic component|
|US8325486||13 Ene 2010||4 Dic 2012||Dy 4 Systems Inc.||Tamper respondent module|
|US8411448 *||3 Sep 2010||2 Abr 2013||PAX Computer Technology, Co., Ltd.||Security protection device and method|
|US8432300||30 Abr 2013||Hypercom Corporation||Keypad membrane security|
|US8553425 *||29 Jun 2011||8 Oct 2013||Hon Hai Precision Industry Co., Ltd.||Portable electronic device with anti-reverse engineering function|
|US8687371||18 Oct 2012||1 Abr 2014||Dy 4 Systems Inc.||Tamper respondent module|
|US8953330||4 Mar 2013||10 Feb 2015||PAX Computer Technology Co., Ltd.||Security protection device and method|
|US9055672 *||21 Dic 2012||9 Jun 2015||Compagnie Industrielle et Financiere D'Ingenierie “Ingenico”||Device for protecting an electronic printed circuit board|
|US20020002683 *||13 Feb 2001||3 Ene 2002||Benson Justin H.||Security module system, apparatus and process|
|US20050039052 *||7 May 2004||17 Feb 2005||O'donnell James||Ease of use transaction terminal|
|US20050057360 *||11 Sep 2003||17 Mar 2005||General Electric Company||Modular security, monitoring, and control devices and methods|
|US20050088303 *||22 Oct 2003||28 Abr 2005||International Business Machines Corporation||Tamper sensing method and apparatus|
|US20050275538 *||27 May 2004||15 Dic 2005||Pitney Bowes Incorporated||Security barrier for electronic circuitry|
|US20060102458 *||6 May 2005||18 May 2006||Kim Bo S||Tamper resistant pin entry apparatus|
|US20070271544 *||19 May 2006||22 Nov 2007||Rolf Engstrom||Security sensing module envelope|
|US20090212945 *||26 Feb 2008||27 Ago 2009||Steen Michael L||Intrusion detection systems for detecting intrusion conditions with respect to electronic component enclosures|
|US20100017621 *||20 Jun 2008||21 Ene 2010||General Instrument Corporation||Radio transceiver or other encryption device having secure tamper-detection module|
|US20100053919 *||11 Abr 2008||4 Mar 2010||Ingenico France||Device for the Protection of an Electronic Component|
|US20100103631 *||9 Oct 2007||29 Abr 2010||Pax Computer Technology (Shenzhen) Co., Ltd.||Security protection box|
|US20100132047 *||24 Nov 2008||27 May 2010||Honeywell International Inc.||Systems and methods for tamper resistant memory devices|
|US20100177487 *||15 Jul 2010||Nauman Arshad||Tamper respondent module|
|US20100328113 *||26 Mar 2010||30 Dic 2010||Hypercom Corporation||Keypad membrane security|
|US20110048756 *||3 Sep 2010||3 Mar 2011||Shuxian Shi||Security protection device and method|
|US20110080715 *||7 Oct 2009||7 Abr 2011||Castles Technology Co., Ltd.||Protective structure of electronic component|
|US20110280093 *||28 Ene 2009||17 Nov 2011||Nec Display Solutions, Ltd.||Data protective structure, electronic device, and method of erasing data|
|US20120275111 *||1 Nov 2012||Hon Hai Precision Industry Co., Ltd.||Portable electronic device with anti-reverse engineering function|
|US20130161086 *||21 Dic 2012||27 Jun 2013||Compagnie Industrielle Et Financiere D'ingenierie "Ingenico"||Device for Protecting an Electronic Printed Circuit Board|
|CN100474360C||8 Ago 2005||1 Abr 2009||纳蒂卢斯晓星公司||Personal identification code logging apparatus against unauthorized use|
|DE102005062492A1 *||27 Dic 2005||12 Jul 2007||Albrecht Jung Gmbh & Co. Kg||Electrical/electronic installation device for building system engineering, has screw attached to stud that comes in contact with contact positions of printed circuit board, where contact positions are in connection with alarm device|
|DE102005062492B4 *||27 Dic 2005||31 Oct 2007||Albrecht Jung Gmbh & Co. Kg||Elektrisches/elektronisches Installationsgerät|
|DE102013205729A1||28 Mar 2013||2 Oct 2014||Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V.||Vorrichtung und Verfahren mit einem Träger mit Schaltungsstrukturen|
|Clasificación de EE.UU.||340/541, 340/571, 340/652, 340/573.1|
|Clasificación internacional||G08B13/22, G08B13/14|
|Clasificación cooperativa||G08B13/149, H05K5/0208, G08B13/22|
|Clasificación europea||G08B13/14P, G08B13/22|
|17 May 2001||AS||Assignment|
Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:MIGLIOLI, ALBERTO;RATTI, VIRGINIO;RIVA, EMILIO;AND OTHERS;REEL/FRAME:011818/0387;SIGNING DATES FROM 20010427 TO 20010430
|30 Jun 2006||FPAY||Fee payment|
Year of fee payment: 4
|6 Sep 2010||REMI||Maintenance fee reminder mailed|
|28 Ene 2011||LAPS||Lapse for failure to pay maintenance fees|
|22 Mar 2011||FP||Expired due to failure to pay maintenance fee|
Effective date: 20110128